Linux - Security

Wildcards (*) won't work with iptables. Also, using domain names in iptables rules is terribly ineffective. A DNS lookup is done when the rule is executed, and the resulting IP(s) are used in the rule. That means that you'll potentially be lacking tons of IPs, and the ones you do have might become useless anytime. If you describe the attack you are experiencing, perhaps we might offer some better suggestions as to countermeasures you can use.

We can't make any suggestions if we don't know what you need suggestions about. You need to describe (be as verbose as possible) the type of attack before we can suggest any sort of countermeasure. So far, nothing you've posted even hints at what type of attack this is.

You'll have to use IPs, and if you'd like to block all domain names you can use these; just replace where needed.

iptables -A OUTPUT -p all --destination 127.0.0.1 -j DROP

Find out the IP of a domain name and then find out its whole IP range(s). I don't know if this rule will work exactly for you, but it works for me in custom rules using arno-iptables-firewall for blocking access to whole IP ranges, which [edit: equals domain names], and it also does NOT gripe about it.

Yes, just change 127.0.0.1 to whatever IP, add a slash and then the netmask range, and restart the firewall.

Example: to block the WHOLE 224.0.0.0 range (the IGMP/broadcast range), the following rule should suffice.
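The snapshot problem raised in the first reply (iptables stores the addresses a name resolved to at rule time, not the name) and the resolve-then-block-the-range approach in the later posts, as an added example that is not from anyone in this thread. It assumes `getent ahosts <domain>` output on stdin and uses constructed RFC 5737 / RFC 3849 documentation addresses; it only prints rules and never applies them.

```shell
#!/bin/sh
# Added example (not from the thread): turn a one-time name resolution into
# per-address OUTPUT DROP rules, and a CIDR range into a single rule.
# Nothing here touches the live firewall; review the printed rules first.

# Constructed sample of `getent ahosts www.example.test` output (documentation
# addresses, not a real lookup). In practice pipe the real command in instead.
SAMPLE_AHOSTS='192.0.2.10      STREAM www.example.test
192.0.2.10      DGRAM
192.0.2.10      RAW
192.0.2.11      STREAM
2001:db8::10    STREAM'

# Read getent-ahosts style lines on stdin, keep each unique address once and
# print one DROP rule per address (ip6tables for IPv6 addresses).
# NOTE: this is a snapshot, exactly what iptables itself would store if given
# the name. The addresses behind a name change, so these rules go stale:
# re-run on a timer, or block the whole range with drop_rule_for_range.
drop_rules_from_ahosts() {
    awk '$1 ~ /^[0-9a-fA-F.:]+$/ && !seen[$1]++ { print $1 }' |
    while read -r addr; do
        case "$addr" in
            *:*) printf 'ip6tables -A OUTPUT -d %s -j DROP\n' "$addr" ;;
            *)   printf 'iptables -A OUTPUT -d %s -j DROP\n' "$addr" ;;
        esac
    done
}

# One rule for an entire IPv4 range in CIDR form, e.g. 224.0.0.0/4 (multicast).
# Refuses input that does not look like a.b.c.d/prefix so a typo never
# becomes a rule.
drop_rule_for_range() {
    case "$1" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*)
            printf 'iptables -A OUTPUT -d %s -j DROP\n' "$1" ;;
        *)
            echo "drop_rule_for_range: expected a.b.c.d/prefix, got '$1'" >&2
            return 1 ;;
    esac
}

# Demo on the constructed sample: prints 3 per-address rules and 1 range rule.
printf '%s\n' "$SAMPLE_AHOSTS" | drop_rules_from_ahosts
drop_rule_for_range 224.0.0.0/4
```

To apply the printed rules you would pipe the output to `sh` as root; the INPUT variant mentioned later in the thread is the same with `-A OUTPUT -d` swapped for `-A INPUT -s`.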

nowshining, let's wait for an explanation about what the OP is trying to achieve before making these types of suggestions. Also, as has been said, iptables is simply not the right tool for filtering WWW access to specific domains. Ideally you'd want to use a proxy server. Having said that, the OP mentioned that his network was under attack, which makes it sound like this might not even be a WWW access issue at all. We need clarification in order to understand what is going on here - we can't just assume things. He hasn't logged on ever since posting his last message, give him some time.
It was just some info that I wanted to share because it seemed relevant to what I was trying to do yesterday in my time zone.

Edit, adding: they could also change OUTPUT to INPUT for incoming connections...